Mechanism for detecting and reporting traffic/service to a PCRF

ABSTRACT

A method implemented by a policy server operating on a network to which is connected a device that performs a data packet inspection function, the method involving: sending a first message over the network from the policy server to the device, the first message instructing the device to detect an occurrence of a particular network traffic or service taking place over a connection on the network and to send a notification to the policy server upon detecting the occurrence of that particular network traffic or service; at the policy server receiving a notification from the device that the device has detected the occurrence of that particular network traffic or service; and in response to receiving the notification, sending a second message over the network from the policy server to a network component, the second message containing information associated with the notification.

This application claims the benefit of U.S. Provisional Application No. 61/228,278, filed Jul. 24, 2009, the contents of which are incorporated herein by reference.

TECHNICAL FIELD

This invention generally relates to communication networks and, more particularly, to detecting and reporting traffic and/or services in communication networks.

SUMMARY OF THE INVENTION

There are various aspects of the embodiments described herein that are new. These include, for example: instructing the Deep Packet Inspection (DPI) module to report to the PCRF (Policy and Charging Rules Function) the occurrence of a certain traffic or service type over a connection event as contrasted with taking some enforcement action on its own; the ability of the PCRF to take an action upon such notification as well as notify an Application Function (AF) about such an event, which could otherwise go unnoticed; the ability of the AF to be notified about such an event and take an action; and the ability for the PCRF to tell the DPI which applications it wants triggers for per subscriber. Without the mechanisms described herein, the DPI would have to be separately provisioned and there are no good ways to do that on a per application or per subscriber basis.

In general, in one aspect, the invention features a method implemented by a policy server operating on a network to which is connected a device that performs a data packet inspection function. The method involves: sending a first message over the network from the policy server to the device, the first message instructing the device to detect an occurrence of a particular network traffic or service taking place over a connection on the network and to send a notification to the policy server upon detecting the occurrence of that particular network traffic or service; at the policy server receiving a notification from the device that the device has detected the occurrence of that particular network traffic or service; and in response to receiving that notification, sending a second message over the network from the policy server to a network component, the second message containing information associated with said notification.

Other embodiments include one or more of the following features. The network component is the device. The second message instructs the network component to apply a new rule to the particular network traffic or service taking place over the connection. The second message contains the new rule or a pointer to the new rule. The device is a gateway which also implements the data packet inspection function. The component is a computer system running an application function. The second message reports the detected occurrence of the particular traffic or service to the network component. The second component logs information received from the policy server via the second message. The policy server implements a policy and charging rules function (PCRF). The method further involves receiving a notification that a particular subscriber has established the connection over the network and wherein sending the first message over the network from the policy server to the device is in response to receiving the notification that the particular subscriber has established the connection over the network.

The details of one or more embodiments of the invention are set forth in the accompanying drawings and the description below. Other features, objects, and advantages of the invention will be apparent from the description and drawings, and from the claims.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a high level diagram of a mobile network.

FIG. 2 is a ladder diagram illustrating message exchanges in the mobile network of FIG. 1.

DETAILED DESCRIPTION

An underlying motivation for the embodiments described herein is providing a mechanism to enable a network operator to be more aware of what the communication pipes that are implemented by the network are being used for.

FIG. 1 shows a representative network that will be used to describe in greater detail the ideas presented herein. It includes a mobile network 10 in which mobile stations (MS) 12 communicate or connect with each other and/or with application servers 14 located elsewhere on a core network 16, e.g. an IP network.

Mobile network 10 includes receiving towers 30 with associated base stations and base station controllers (not shown) connected to SGSNs 32. SGSNs 32 are, in turn, connected via a core access network 34 to one or more GGSNs (Gateway GPRS Support Nodes) 36. All traffic from the SGSNs goes through the GGSNs. The GGSN supports the use of GPRS (General Packet Radio Service) in a GSM (Global Service for Mobile communications) network. GPRS is a packet-based communication service which allows packets to be sent and received across a mobile telephone network, and GSM is a popular standard for mobile phones throughout the world. The GGSN is responsible for interfacing between the GPRS network and an external packet switched network, such as the Internet or X.25 networks.

From the point of view of the external networks, the GGSN is like a gateway or router to a sub-network. When the GGSN receives data addressed to a specific user, it checks if the user is active. If the user is active, the GGSN forwards the data to the SGSN serving that mobile user.

The GGSN enables the mobility of the user device. It has a number of functions but the ones that are particularly relevant to the embodiments described herein include: storing the SGSN address of the user, storing the user's profile, performing authentication and charging functions, and QoS and PDP context-management.

The SGSN is a Serving GPRS Support Node. It is responsible for the delivery of data packets from and to the mobile stations within its geographical area. Its tasks include packet routing and transfer, mobility management, and authentication and charging functions, to name a few.

The architecture implements a Policy and Charging Control (PCC) architecture which determines and enforces dynamic QoS and charging policies to all the network infrastructure elements involved in providing a specific requested service. It includes a Policy and Charging Rules Function (PCRF) and a Policy and Charging Enforcement Function (PCEF). The PCRF is the node or module for determining the policy rules and performing a provisioning function. For example, a set of policy rules can be activated to verify access permission, check and debit credit balances, etc., all in real time. The PCRF enforces these policy rules through its interaction with the PCEF.

In the described embodiment, within GGSN 36, there is a PCEF (policy charging enforcement function) 38 and a DPI (Deep Packet Inspection) function 40. As noted above, PCEF 38 enforces the rules for the sessions handled by GGSN 36. And DPI 40 enables GGSN 36 to snoop the packets for details about various layers of the data packet.

In general, DPI 40 includes functionality enabling it to perform traffic type and service flow detection. DPIs come in different types. They can be standalone, passive devices that might simply sit somewhere on the network and “listen” to traffic that goes by, e.g. email traffic, Skype traffic, etc. In that case, the DPI can be almost anywhere; but normally it is part of the operator's network infrastructure, e.g. close to or part of a border gateway. They can participate moderately by actively listening and also enforcing or applying some routing or Quality of Service (QoS) or gating (e.g. blocking or enabling traffic) functionality. Or they can participate strongly by being integrated into and forming a part of the border gateway device (e.g. GGSN), thereby being located at the point of enforcement of policies for the network. In the described embodiment, DPI 40 is integrated into PCEF 38 and effectively extends the functionality of the PCEF.

Located elsewhere on the core network is a PCRF 50. PCRF 50 is a policy server that among its many functions controls who is allowed onto the network, the QoS and bandwidth that is applied to that user, and the charging rules for usage of the network. This aspect of its operation is implemented by PCRF 50. In general, PCRF 50 makes the policy decisions and is responsible for sending commands to another element that sits in the traffic path and that enforces those policy decisions. What those paths are and what the other elements are depends on the type of network. In the case of the wireless network of the described embodiment, the other element is the PCEF in the GGSN, which then implements those policy decisions. In short, PCEF 38 and PCRF 50 are peers that communicate with each other to implement bandwidth, QoS, and charging policies.

Access requests by subscribers or users go to PCRF 50 which evaluates these requests and either approves or denies them, depending on availability of network resources and policies or rules that are available to PCRF 50. If the request is approved, PCRF 50 instructs the appropriate gateway device (e.g. GGSN) 36 to reserve bandwidth and QoS for the session. Its extended functionality includes keeping track of and monitoring the state of the network (what is happening on the network, the state of the sessions, etc.) and making policy decisions based on the state of the network. In general, gateways are not permitted to service traffic without authorization from PCRF 50.

There is also a Subscription Profile Repository (SPR) 60 which stores user-related information and user profiles for use by PCRF 50. More specifically, the SPR database has entitlements for users, user profiles, bandwidths that should be applied, charging schemes, etc. In the described embodiment, it is part of a manager 62 that serves to configure all kinds of policy rules that go into the PCRF. However, SPR 60 could be separate from manager 62.

There are also application servers 14(1) and 14(2) (AS1 and AS2) located elsewhere on the IP network. There are many different types of application servers. For example, they include Yahoo web servers, file upload servers, video servers, Xbox servers, and VoIP servers, just to name a few.

The PCEF/DPI detects a particular traffic/service and notifies the PCRF. The PCRF then instructs PCEF/DPI accordingly (e.g. QoS upgrade) as well as notifies other interested or subscribed nodes (e.g. AFs).

The monitoring and notification role played by the PCEF/DPI is particularly useful in networks for which there is no server controlling the communication. For example, in the case of VoIP calls, there is a server that handles and manages those calls. The ISP might want to know about VoIP calls so as to apply special charging rates or special behaviors to those calls. If the VoIP server is under the control of the ISP, then detection and enforcement is relatively straightforward. But in networks carrying communications that do not involve a server, monitoring how the data pipe is being used can present more of a challenge. One example is communications in which data packets are sent in point-to-point communications (e.g. Skype calls). The ISP typically does not have a server that manages those types of calls and is thus not able to detect their presence on the network. So, one can readily see in that example that the ISP may not know precisely how its network and data pipes are being used. This unawareness is a barrier to the ISP being able to provide the level of service that is appropriate to the usage, and it is a barrier to the ISP being able to apply charging policies that are appropriate to the usage to which the subscriber is putting the network. The functionality described herein addresses that shortcoming.

Of course, the DPI needs to be programmed to detect Skype calls, or whatever other types of traffic that one wants it to detect. The DPI can be programmed to detect any type of message that might pass over the network so long as the details of the protocol for that message are known to the DPI. The IP packet (or more generally, the data packet) carries all of the information about the communication that is taking place. The relevant parts of that information just need to be extracted to identify what type of traffic or service the packet is part of.

FIG. 2 presents a ladder diagram which shows an exchange of messages that implements the DPI notification function described herein.

The exemplary exchange begins with a cellular device (e.g. cell phone) initiating a normal attach process by sending an appropriate request message to the gateway containing PCEF.

When a subscriber comes online, the subscriber's mobile station sends a session request to the GGSN. In the described embodiment, this request is in the form of an “Act IP CAN Request” which solicits IP context (i.e., packet session attributes). That request indicates the location of the subscriber, which in this case is known by virtue of the cell tower to which the subscriber is connected.

As a result of processing that session request, the PCEF within the GGSN sends an inquiry to the PCRF. In the described embodiment, the PCEF/DPI and PCRF communicate with each other by using the Diameter protocol, though any one of the available alternative protocols could be used instead. So, in this case, the particular message that the PCEF sends to the PCRF is a CCR-I (Credit-Control-Request Initial) message. This message notifies the PCRF that a new session is being requested by the subscriber, who is identified in the command; it seeks authorization for setting up a session for that subscriber; and it seeks to retrieve the policy rules package that is relevant to the particular GGSN and the particular user/subscriber identified in the message. For example, it seeks bandwidth, QoS, and charging policies that are to be applied to the new session for that subscriber.

In response to receiving the CCR-I message, the PCRF retrieves from the SPR the user profile. The PCRF then passes the user profile to the PCEF within the GGSN using a CCA-I (Credit-Control-Answer) message. And the PCEF stores the profile locally.

If the DPI is part of the PCEF, as it is in this embodiment, the CCA-I message also contains instructions for the DPI to listen to the connection that is being set up and notify the PCRF if service or traffic of a particular type (e.g. Skype call, gaming traffic, etc.) is detected over that connection. If the DPI is not part of the PCEF but is located elsewhere, the PCRF knows its location and sends a separate CCA-I message to the DPI with the relevant instructions.

In this described scenario, the rules are carried by the message that is sent to the PCEF/DPI. Alternatively, the various rules could be stored so as to be accessible to the PCEF and the message simply contains a pointer to the particular rule that is to be applied or implemented.

Assuming the requested session is authorized, the PCEF sets up the session with the appropriate charging and QoS attributes and sends a response (in the form of an Act IP CAN response) to the subscriber's device. This acknowledges that a connection was made. If no connection was made, the subscriber's device generates an error message indicating that fact to the subscriber.

Up to this point no traffic has yet taken place. The steps that were implemented simply involve letting the system know that the user has turned on the cell phone and acknowledging to the user that the system is aware of the user's cell phone being active. At some later time, the user may use the connection for communications over the network.

Assume, for this example, the DPI was instructed to notify on the basis of detecting a particular point-to-point communication over the established connection. Normally this kind of traffic would go under the radar of the conventional equipment employed by the operator of the network and would not be detected. For example, PC to PC communications often take place without any other devices or servers involved in that communication other than the network infrastructure.

Examples other than point-to-point communications include two common types of traffic, namely, video streaming and gaming, both of which happen to be examples of client-server communications.

Upon detecting that point-to-point communication, the DPI sends a CCR-U (Credit-Control-Request-Update) message to the PCRF notifying it that the particular traffic/service was detected.

In response to receiving that notification, the PCRF takes whatever action is desired or appropriate. For example, it might be desirable to upgrade the QoS for that connection when it is being used for that particular type of traffic; or it might be desirable to install different charging rules. The PCRF sends the corresponding instructions to the PCEF using a CCA-U message. And the PCEF responds by having the gateway implement the new rules.

For example, the PCRF might instruct the DPI to detect Skype calls and notify the PCRF of such calls; the PCRF might then instruct the PCEF either to block those calls or to notify the caller that an upgrade in the service package would be appropriate.

The PCRF may also (or in the alternative) notify an application function (AF) located elsewhere on the network. For example, the PCRF could notify that application that the DPI has reported detecting a particular event. The AF can then take whatever action is appropriate. The AF could simply be maintaining a log of events which would enable the operator or another entity to learn about system and user statistics. Based on that, it can provide details about how the system is being used for purposes of planning and network development.

These last described steps involving sending messages to the PCEF and the AF can, of course, take place in parallel and need not be performed sequentially as shown in FIG. 2.
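
The exchange of FIG. 2 as described above, modeled as an added example that is not part of the original patent text; `classify` takes the label a DPI would produce, so packet inspection itself is outside the example. Messages are plain Python objects rather than Diameter encodings, and the field names, subscriber id, traffic labels, rule values and the check that rejects a CCR-U for a session or traffic type the PCRF never asked about are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: subscriber ids, traffic labels and rule values are illustrative.
SPR = {"sub-001": {"qos": "default", "charging": "flat", "detect": {"p2p-voip", "gaming"}}}
# Hypothetical policy table: rule the PCRF installs once a traffic type is reported.
ON_DETECT = {"p2p-voip": {"qos": "voice", "charging": "per-minute"},
             "gaming": {"qos": "low-latency", "charging": "flat"}}


@dataclass
class Msg:
    kind: str      # "CCR-I", "CCA-I", "CCR-U", "CCA-U" or "AF-NOTIFY"
    session: str
    body: dict = field(default_factory=dict)


class PCRF:
    def __init__(self, spr, notify_af):
        self.spr, self.notify_af = spr, notify_af
        self.sessions = {}   # session id -> (subscriber, triggers installed)

    def handle(self, msg):
        if msg.kind == "CCR-I":
            sub = msg.body["subscriber"]
            profile = self.spr.get(sub)
            if profile is None:
                return Msg("CCA-I", msg.session, {"result": "denied"})
            self.sessions[msg.session] = (sub, set(profile["detect"]))
            # First message: session policy plus the traffic types the DPI must report.
            return Msg("CCA-I", msg.session, {
                "result": "ok", "qos": profile["qos"], "charging": profile["charging"],
                "notify_on": sorted(profile["detect"])})
        if msg.kind == "CCR-U":
            known = self.sessions.get(msg.session)
            traffic = msg.body.get("traffic")
            # Added check (assumption): act only on triggers installed for this session.
            if known is None or traffic not in known[1]:
                return Msg("CCA-U", msg.session, {"result": "rejected"})
            self.notify_af(Msg("AF-NOTIFY", msg.session,
                               {"subscriber": known[0], "traffic": traffic}))
            # Second message: the new rule for the detected traffic.
            return Msg("CCA-U", msg.session, {"result": "ok", "rule": ON_DETECT[traffic]})
        raise ValueError(f"unexpected message {msg.kind}")


class Gateway:
    """GGSN whose PCEF has the DPI integrated, as in the described embodiment."""
    def __init__(self, pcrf):
        self.pcrf = pcrf
        self.sessions = {}   # session id -> {"rule": dict, "notify_on": set}

    def attach(self, session, subscriber):
        cca = self.pcrf.handle(Msg("CCR-I", session, {"subscriber": subscriber}))
        if cca.body["result"] != "ok":
            return False
        self.sessions[session] = {
            "rule": {"qos": cca.body["qos"], "charging": cca.body["charging"]},
            "notify_on": set(cca.body["notify_on"])}
        return True

    def classify(self, session, traffic):
        """Take the DPI's label for a flow; return the rule in force afterwards."""
        state = self.sessions[session]
        if traffic in state["notify_on"]:
            cca = self.pcrf.handle(Msg("CCR-U", session, {"traffic": traffic}))
            if cca.body["result"] == "ok":
                state["rule"] = cca.body["rule"]
        return state["rule"]


def run_example():
    af_log = []                                  # logging AF: keeps what the PCRF reports
    pcrf = PCRF(SPR, lambda m: af_log.append((m.session, m.body["traffic"])))
    gw = Gateway(pcrf)
    attached = gw.attach("s1", "sub-001")
    before = gw.classify("s1", "web")            # not a requested type: no CCR-U is sent
    after = gw.classify("s1", "p2p-voip")        # CCR-U, then CCA-U carrying the new rule
    stray = pcrf.handle(Msg("CCR-U", "s9", {"traffic": "p2p-voip"}))   # unknown session
    return attached, before, after, af_log, stray.body["result"]
```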

One example of an AF that might be used is a logging function that keeps track of the VoIP traffic for different subscribers. This might be for the purpose of implementing more fine-tuned billing mechanisms for heavy VoIP users instead of simply applying a flat rate structure. Another application function might be to perform a lawful intercept which involves simply monitoring and logging traffic and messages from certain categories of users or certain subscribers.

The principles and methods described herein do not apply only to mobile cell phone networks of the type described; they also apply to a wide range of other network types such as cable networks and fixed networks, among which a Digital Subscriber Line (DSL) network is an example. In the various other networks in which these ideas might be implemented there is typically a special router (e.g. border gateway) which is similar to the GGSN and into which the PCEF functionality can be integrated. In the cable network, that border gateway is a CMTS and in the DSL network, it is a B-RAS. The border gateway finds the other routers in the network and it knows to which routers it should send traffic based on the destination of that traffic.

It should also be understood that the functionality described herein (such as the PCRF, the PCEF, the DPI, and the manager) can be implemented by software or code running on a processor system. Such a processor system would typically include computer readable medium storing the software or code for the relevant functionality and one or more processors on which that software or code is executed to implement the relevant functionality.

Other embodiments are within the following claims. 

What is claimed is:
 1. A method implemented by a policy server operating on a network to which is connected a device that performs a data packet inspection function, said method comprising: sending a first message over the network from the policy server to the device, said first message instructing the device to detect an occurrence of a particular network traffic or service taking place over a connection on the network and to send a notification to the policy server upon detecting the occurrence of said particular network traffic or service, wherein the device comprises a gateway general packet radio service (GPRS) support node that implements a deep packet inspection (DPI) function; at the policy server receiving a notification from the device that the device has detected the occurrence of said particular network traffic or service; and in response to receiving said notification, sending a second message over the network from the policy server to a network component, said second message containing information associated with said notification, said second message instructing the network component to apply a new rule to said particular network traffic or service taking place over the connection, and said second message containing at least one of bandwidth, quality of service (QoS), and charging policy instructions for said network component to implement with respect to said particular network traffic or service for said connection.
 2. The method of claim 1, wherein the network component is said device.
 3. The method of claim 1, wherein the second message contains the new rule.
 4. The method of claim 1, wherein the second message contains a pointer to the new rule.
 5. The method of claim 1, wherein the device is a gateway which also implements the data packet inspection function.
 6. The method of claim 1, wherein the component is a computer system running an application function.
 7. The method of claim 6, wherein the second message reports the detected occurrence of said particular traffic or service to the network component.
 8. The method of claim 6, wherein the network component logs information received from the policy server via the second message.
 9. The method of claim 1, wherein the policy server implements a policy and charging rules function (PCRF).
 10. The method of claim 1, further comprising receiving a notification that a particular subscriber has established the connection over the network and wherein sending the first message over the network from the policy server to the device is in response to receiving said notification that said particular subscriber has established the connection over the network.
 11. A system for detecting and reporting network traffic, the system comprising: a policy server for sending a first message over a network from the policy server to a device that performs a data packet inspection function, said first message including instructions for detecting an occurrence of a particular network traffic or service taking place over a connection on the network and to send a notification to the policy server upon detecting the occurrence of said particular network traffic or service, wherein the device comprises a gateway general packet radio service (GPRS) support node that implements a deep packet inspection (DPI) function; and a device for receiving the instructions, for detecting the particular traffic or service, and for sending a notification to the policy server that the device has detected the particular traffic or service, wherein the policy server receives the notification from the device that the device has detected the occurrence of said particular network traffic or service, and wherein, in response to receiving said notification, the policy server sends a second message over the network from the policy server to a network component, said second message containing information associated with said notification, said second message instructing the network component to apply a new rule to said particular network traffic or service taking place over the connection, and said second message containing at least one of bandwidth, quality of service (QoS), and charging policy instructions for said network component to implement with respect to said particular network traffic or service for said connection.
 12. The system of claim 11, wherein the policy server implements a Policy and Charging Rules Function (PCRF).
 13. The system of claim 11, wherein the network component comprises a computer system implementing an application function (AF).
 14. The system of claim 11, wherein the second message reports the detected occurrence of said particular traffic or service to the network component.
 15. The system of claim 11, wherein the policy server is configured to receive a notification that a particular subscriber has established the connection over the network and wherein the policy server is configured to send the first message over the network from the policy server to the device in response to receiving said notification that said particular subscriber has established the connection over the network.
 16. The system of claim 11, wherein the network component logs information received from the policy server via the second message. 